General

  • Target

    637e270e290ceb0b194d54262ae8fb59d4be9022862e5431b43dfb1234af7a3f

  • Size

    497KB

  • Sample

    240605-3pvhzsca4x

  • MD5

    a35ac4c1ad5556c7b06f1bb2b6744e84

  • SHA1

    6507ffbcaab2b5cbee57855b9cc88db314668c7e

  • SHA256

    637e270e290ceb0b194d54262ae8fb59d4be9022862e5431b43dfb1234af7a3f

  • SHA512

    681efab4f322f2204bef8f1633d2920779dedb94526828ce01a6f4829ac4f656a31ddbd2ce3376ef343fa38f9f9d134cb913e4986d522f187f90f8d04e9bf971

  • SSDEEP

    12288:S4wFHoSyoS3ebeFmFVvlrmwcT4wpteFmFTxl:0KFmFVtrRcFEFmF7

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
